Is there an equivalent to ALIAS/ANAME? - ssl

I am trying to get an SSL certificate on my custom domain on Heroku and the last thing it told me to do is add the following records:
Domain               Record Type  DNS Target
───────────────────  ───────────  ─────────────────────────────────
www.gethomesync.com  CNAME        www.gethomesync.com.herokudns.com
gethomesync.com      ALIAS/ANAME  gethomesync.com.herokudns.com
But my domain registrar GoDaddy doesn't have an option to add ALIAS or ANAME. I don't know much about DNS having only done quite basic tasks as and when I've needed them, is there an equivalent to ALIAS/ANAME that I can use through GoDaddy?
Thanks

A warning here. As pointed out by @NikitaAvvakumov and @deviant in some comments, the accepted answer is not correct.
As mentioned in Heroku docs,
Root domains on Heroku require the use of "CNAME-like" records, often referred to as ALIAS or ANAME records.
Without these records,
Requests to https://example.com will fail with an SSL error.
Again, even if you choose to redirect from your root domain to a subdomain (ex: from example.com to www.example.com), it will only work for non-SSL requests. Any request to https://example.com will fail with an SSL error.
A simple solution to that would be to use another DNS host. For example, I use CloudFlare (the free plan is more than enough and offers great features), which uses what is called CNAME flattening that works with Heroku like having an ALIAS (they use this by default - you don't have to do anything other than configure your nameservers and add DNS records. You can check both Heroku and CloudFlare for tutorials - it's pretty easy).

You don't need to set up ALIAS/A record, just create a CNAME record pointing to gethomesync.herokussl.com (you can check the endpoint name with heroku certs Heroku Documentation):
Type Name Value
CNAME www gethomesync.com.herokudns.com
To create a naked domain (removes the need to write www) you need to forward your gethomesync.com to www.gethomesync.com:
Under Forwarding click on Domain -> 'Manage' -> then click 'Add Forwarding'
'Forward to' should be www.gethomesync.com (your domain)
'Redirect type' should be '301'
'Forward settings' should be 'Forward only'

Related

Heroku Automated Certificate Management failed with one domain

I am trying to get the SSL certification for my app with Heroku, but the Automated Certificate Management is failing for one of both domain names.
I created the dyno before March 2017, so I had to run heroku certs:auto:enable as explained here.
Then, heroku domains returns:
Domain Name      DNS Record Type  DNS Target
───────────────  ───────────────  ─────────────────────────────
example.com      ALIAS or ANAME   example.com.herokudns.com
www.example.com  CNAME            www.example.com.herokudns.com
This seems to be in line with what heroku expects.
Anyway, heroku certs:auto returns:
Domain           Status
───────────────  ────────────
example.com      Failing
www.example.com  OK
I admit that I am quite illiterate for settings concerning domains, DNS and so on. Therefore, this might be a very simple mistake from my side. However, I read the Heroku troubleshooting documentation and also similar questions in SO such as this one or this one and still have no clue what is wrong.
The fact that www.example.com is OK but example.com is failing just confuses me even more. And unfortunately, I received a notification email with no failure reason.
Namecheap
I guess the problem is either on Heroku or where I bought the domain. That is Namecheap.com.
There, at the Domain tab I have:
NAMESERVERS Namecheap BasicDNS
REDIRECT DOMAIN Source URL Destination
example.com http://www.example.com
And at the Advanced DNS tab:
Type                 Host   Value                        TTL
-------------------  -----  ---------------------------  ---------
CNAME Record         www    example.com.herokudns.com    Automatic
TXT Record           @      google-site-verification...  Automatic
URL Redirect Record  @      http://www.example.com/      Unmasked
What am I doing wrong?
Update
The issue seems to be due to Namecheap. I found the following ticket on Heroku:
Issue
User is having trouble pointing their root domain (aka apex
domain/naked domain) to their Heroku app, either with setting the
right DNS records, or accessing it over HTTPS.
Resolution
Root domains on Heroku require the use of "CNAME-like" records, often
referred to as ALIAS or ANAME records.
Unfortunately, a number of popular DNS hosts such as GoDaddy,
Namecheap, Bluehost, and others do not support these types of records.
Instead they tend to offer the following:
A records
URL redirects / forwarding
There are caveats with both of these options...
Surprisingly, I did not find any place where all the steps were explained clearly. What I did so far is:
Open an account with a DNS host that supports this. I took DNSimple. At the time of writing, prices start from 5€/month but there is a trial month for free.
Transferring the domain costs 14€/year, so I just pointed the name servers at Namecheap to DNSimple and added the domain to DNSimple to create the DNS records.
Then came the configuration on DNSimple. I followed the step 1 in the documentation to redirect HTTP to HTTPS; ignored the step 2, since Heroku's ACM had already done it; and for the step 3 the article Pointing the Domain Apex to Heroku was very helpful. I added manually an ALIAS record and I also added a CNAME record, like this:
Type   Name             Content
─────  ───────────────  ───────────────────────
ALIAS  example.com      myapp.com.herokudns.com
CNAME  www.example.com  myapp.com.herokudns.com
At the beginning nothing was working and the browser showed the following error:
This site can’t be reached
www.example.com’s server IP address could not be found.
Checking the troubleshooting documentation I saw that the only possibility was the name server propagation delay, so I waited. It felt like a very long time, but it actually took less than one hour until the site got online again.
However, the SSL certification keeps failing more than 48 hours later...
For future reference: after contacting Heroku support, they manually refreshed my certificate request and it was finally issued for my app...
Check the answer here especially the CloudFlare solution as it is free
Automated certificate management also provisions you a free SSL cert
from https everywhere. You don’t need to buy a cert.
However namecheap won’t work with ACM because they don’t allow an
“alias” record for your “apex” domain I.e. your domain with no
subdomain so https://example.com not https://www.example.com
Your options are switch to a dns registrar that supports an “alias”
record such as dnsimple. They charge $5 a month in addition to the
domain registration fee.
Or alternatively use a free cloudflare instance which comes with SSL.
If you already bought a cert there is a way to upload it to Heroku via
an SSL addon.
I use both DNSimple/Heroku ACM on some apps and cloudflare on some
others. Both are equally nice but cloudflare is free and gives you a
CDN too.
https://www.reddit.com/r/Heroku/comments/7wh5r4/setting_up_ssl_with_heroku_namecheap/

How can I redirect a domain to another domain that includes a path (using DNS)?

I have two domains with GoDaddy: foo.com and bar.com
I want to redirect foo.com to bar.com/foo
I tried setting up Domain Forwarding from within the GoDaddy Dashboard and it did work, but not for HTTPS (which is the URL indexed within Google).
I checked with GoDaddy Support and received this response:
That will not work because your domain does not have an SSL Certificate active and there is no way to activate an SSL Certificate on it with a forward.
Maybe I'm overthinking this, but here's an alternative approach I had in mind:
Set the A record of foo.com to the same IP address that bar.com is using
Within the website code of bar.com, check the $_SERVER['SERVER_NAME'] and redirect appropriately
With plain DNS this is not possible, because DNS is a different protocol from HTTP.
Some providers offer "forwarding" options, but behind the scenes they point your domain to an HTTP server, which then does the redirect.
For example, using CloudFlare this could be very easy to achieve: you need to set up only one domain, let's say foo.com, and then just create a page rule to redirect traffic to bar.com/foo. The rule could be something like:
*foo.com*
More info about the page rules can be found here: https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-

How Do I Create Sub-Sub-Domain on Cloudflare DNS?

I've let cloudflare manage the DNS of my example.com
I have created id.example.com for country-specific customers. I've done it by creating a CNAME id with alias example.com.
I need to create customer portal: my.id.example.com. How?
In Cloudflare, open the DNS records for domain.example
Create an A record for example.id and enter the IP where my.id.domain.example will be hosted, and add record
Setup the site my.id.domain.example at the IP you specified
If domain.example is on Cloudflare and the Cloudflare nameservers have propagated, the sub-sub domain propagation should be more or less instant
As correctly noted by ThorSummoner and user296526, this will work on the Cloudflare free plan if you aren't using SSL.
If you want to have a sub sub domain with SSL on Cloudflare, you need a Cloudflare dedicated SSL certificate, which is available as a paid plan. To quote from the Cloudflare site:
Cloudflare Dedicated Certificate with Custom Hostname: $10 per domain
per month
Includes all benefits mentioned above for Dedicated Certificates
Protects your domain, subdomains (*.example.com), as well as up to 50
additional hostnames Can extend protection beyond first-level
subdomains (*.www.example.com, not just *.example.com) Dedicated SSL
certificates typically provision within a few minutes but can take up
to 24 hours.
Full details here
The accepted answer works fine only if you are not using SSL. As mentioned by @ThorSummoner, cloudflare wildcard SSL certificate is only valid for your domain example.com and *.example.com. It is NOT valid for *.*.example.com (Sub Subdomains or fourth level subdomains).
In order to have SSL for your fourth level subdomains, you will have to be on a paid cloudflare plan and will also need to buy a dedicated SSL certificate from within cloudflare control panel.
Please refer to below pages for more info:
https://support.cloudflare.com/hc/en-us/articles/219453397-Can-I-use-CloudFlare-SSL-certificates-on-my-fourth-level-subdomain-
https://support.cloudflare.com/hc/en-us/articles/228009108-Dedicated-SSL-Certificates
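An added illustration, not part of the answers above and not Cloudflare's code: the name-matching rule under which a certificate for example.com and *.example.com does not cover my.id.example.com. The SAN lists, the *.id.example.com entry and the function names are constructed, and the "at least two fixed labels" check is a simplification of what browsers enforce.

```python
# Added example: certificate name matching for wildcard entries.
# All names and SAN lists below are constructed for illustration.

def name_matches(pattern, hostname):
    """Return True if one certificate SAN entry covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # "*" stands for exactly one label, so it can never absorb a dot:
    # pattern and hostname must have the same number of labels.
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplification: accept the wildcard only as the whole leftmost
        # label, with at least two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(sans, hostname):
    """True if any SAN entry on the certificate covers the hostname."""
    return any(name_matches(s, hostname) for s in sans)


# Certificate covering the domain and its first-level subdomains.
SHARED_CERT = ["example.com", "*.example.com"]
# Hypothetical certificate that also names the deeper level explicitly.
DEEPER_CERT = SHARED_CERT + ["*.id.example.com"]

HOSTS = ["example.com", "id.example.com", "my.id.example.com"]


def coverage(sans):
    """Map each sample hostname to whether the certificate covers it."""
    return {host: covered(sans, host) for host in HOSTS}


if __name__ == "__main__":
    for label, sans in (("shared", SHARED_CERT), ("deeper", DEEPER_CERT)):
        for host, ok in coverage(sans).items():
            print(f"{label:7} {host:20} {'covered' if ok else 'NOT covered'}")
```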
You need to create the subdomains at your hosting provider first, then you would come to your CloudFlare DNS settings and enter in the DNS records so that it resolves.
CloudFlare doesn't support true subdomains (i.e., subzones with nameserver delegation). But it does support what you want, i.e. specific records within a subdomain served by the same zone.
Simply create your record as you would any other record, and use my.id as the name (note the dot.) Lookup will work as you would expect it.

What should I put in Host Name when buying a DNSimple SSL certificate for it to work with the Heroku ssl addon?

I'm confused with this line in the Heroku docs (https://devcenter.heroku.com/articles/ssl-certificate)
You must enter a subdomain in the “Host Name” field. Leaving it blank will generate a root-domain certificate which is not compatible with Heroku’s SSL endpoint.
What I want is https://foo.com and https://www.foo.com to work.
So what do I need to fill in this field to get a SSL certificate that will help me achieve the above?
The rest of the steps (setting CNAME to Heroku's SSL endpoint, adding an ALIAS to redirect the root domain etc) are clear to me. I'm just stuck on this step, should it be blank or 'www' or something else?
If you want your certificate to be valid for the root domain AND the www hostname, then you should use the www.example.com version.
You can also purchase a wildcard, but unless you need to support any extra subdomain, the cost is not worth it in this case.
More details are available in the support page Selecting the Certificate Hostname.
You should fill in www.
www is just a subdomain so that will solve your www.foo.com problem but you will have to redirect the naked domain https://foo.com to the www one though.
Enter "*" for your host name, it will be valid for all subdomains including the root subdomain.

Heroku SSL DNS Settings

I am using Namecheap for domain registration and for DNS, and using Heroku for hosting. I have purchased an SSL certificate through Namecheap and set it up with Heroku, and have it nearly working perfectly.
Currently, I have a DNS CNAME record with host "www" pointing to "[whatever].herokussl.com.", and a "@" host record set to URL Redirect (301) to "http://www.[domain].com".
My app itself forces all HTTP traffic to redirect to HTTPS, so "http://www.[domain].com" goes to "https://www.[domain].com".
I am getting the following results:
http://www.[domain].com - properly navigates to site as HTTPS
https://www.[domain].com - properly navigates to site as HTTPS
http://[domain].com - properly navigates to site as HTTPS
https://[domain].com - **does not** navigate to site, and instead the browser cannot find the page
I believe this has to do with how the URL Redirect behaves behind the scenes. I had originally done this as CNAME record pointing directly to "[whatever].herokussl.com.", but apparently doing that on the zone apex blocks MX records...
What do I need to do to get the desired behavior? I simply want all naked or "www" domains to point to my "www" domain.
UPDATE: More information regarding my DNS settings
HOST NAME  IP ADDRESS/URL             RECORD TYPE
---------  -------------------------  ------------------
@          http://www.[domain].com    URL Redirect (301)
www        [whatever].herokussl.com.  CNAME (Alias)
My SSL certificate was not a wildcard, just an EssentialSSL certificate from Comodo. I'm fine if only www.[domain].com works (with a redirect from the naked domain), although when I was using a CNAME for both the apex and "www", it was working as a naked domain with SSL just fine.
If you use DnsSimple, you can use their ALIAS record feature.
The DnsSimple ALIAS record is not a standard DNS record type, and is not the same thing as a CNAME record. Rather, DnsSimple supports it in a special way, by performing the DNS resolution for you and returning to your browser the results. This is different from all other DNS records, where the DNS server performs no processing but simply returns the record to your browser on-demand.
There may be other DNS vendors with their own similar features.
However, with only vanilla DNS, HTTP-only 3xx's from your nameserver, and Heroku, there is no way to get SSL to the zone apex (the domain name with no www.).
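An added example, not from the question or answers and not any DNS provider's code: a small zone check for the two apex problems this thread describes, a CNAME sharing a name with other records and an apex that has only a URL redirect. The record tuples, the "URL" pseudo-type, the finding names and the sample zones are all constructed.

```python
# Added example: lint a zone for the apex problems discussed above.
# Record type "URL" stands for a registrar's URL-redirect pseudo-record and
# "ALIAS"/"ANAME" for a provider's CNAME-like apex record (both constructed
# labels, not standard DNS types). "@" denotes the zone apex.

ADDRESS_LIKE = {"A", "AAAA", "ALIAS", "ANAME"}


def lint_zone(apex, records):
    """records: list of (host, rtype, value). Returns a list of findings."""
    # The apex always carries SOA and NS records, even if not listed.
    types_at = {apex: ["SOA", "NS"]}
    for host, rtype, _value in records:
        fqdn = apex if host == "@" else f"{host}.{apex}"
        types_at.setdefault(fqdn, []).append(rtype.upper())

    findings = []
    for fqdn, types in types_at.items():
        # A name that owns a CNAME may not own any other record, which is
        # why a CNAME at the apex collides with SOA/NS/MX.
        if "CNAME" in types and len(types) > 1:
            findings.append((fqdn, "cname-conflict"))

    apex_types = set(types_at[apex])
    # The redirect is answered by the registrar over plain HTTP; with no
    # address-type record, nothing at the apex presents the app's certificate.
    if "URL" in apex_types and not (apex_types & ADDRESS_LIKE):
        findings.append((apex, "apex-redirect-http-only"))
    return findings


# Constructed sample zones modelled on the setups described in this thread.
WWW = ("www", "CNAME", "www.example.com.herokudns.com")
REDIRECT_ZONE = [("@", "URL", "http://www.example.com/"), WWW]
APEX_CNAME_ZONE = [("@", "CNAME", "example.com.herokudns.com"),
                   ("@", "MX", "mail.example.com"), WWW]
ALIAS_ZONE = [("@", "ALIAS", "example.com.herokudns.com"), WWW]

if __name__ == "__main__":
    for name, zone in (("redirect", REDIRECT_ZONE),
                       ("apex-cname", APEX_CNAME_ZONE),
                       ("alias", ALIAS_ZONE)):
        print(name, lint_zone("example.com", zone))
```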